Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Connectivity

Security Experts Agree: The NSA Was Hacked

Analysis of the software tools made available by the Shadow Brokers suggests that they’re the real deal.

It looks as if the NSA has indeed been hacked.

A group of hackers known as the Shadow Brokers is currently selling off cyber-spying tools, which it claims belong to the U.S. government, in an online auction. Now, analysis of software that the group made freely available to prove its legitimacy suggests that it’s authentic, and likely to belong to the National Security Agency.

The Shadow Brokers claimed that their initial public release of the software included tools that could be used to break into firewall systems from companies like Cisco Systems and Juniper Networks. Just days later, Cisco has urgently announced that it’s going to patch two vulnerabilities in its firewall systems, which may have been exploited since as early as 2013. Security experts had claimed that the espionage tools appeared to be old, but Cisco appears to be seeing some of them for the first time.

NSA director Michael Rogers.

Meanwhile, Russian security firm Kaspersky has also been interrogating the software. It’s discovered unusual math in the code that’s been published so far, which it believes ties the software to the so-called Equation Group. Kaspersky identified the previously unknown Equation Group last year, and at the time Reuters claimed that it was the work of the U.S. National Security Agency. The same quirky mathematics seen in last year’s analysis is also present in the recently released code.

Ex-NSA employees have also told the Wall Street Journal that they believe the code published by the Shadow Brokers to be “authentic.”

These scraps of information raise the question of why the NSA had for years been sitting on vulnerabilities that affect widely used networking gear. They also suggest that the agency may have gone against White House policy on when it is reasonable to keep flaws secret.

The Cisco bugs were zero-day vulnerabilities, so called because they give the author of a piece of software zero days to identify and distribute a solution. Zero-days are valuable to criminals and spies because they can be used to break into systems undetected.

Organizations in the business of hacking, like the NSA, can secretly stockpile vulnerabilities to keep their operations stealthy. Critics of the NSA have accused it of weakening Internet security by hoarding zero-days and preventing companies from fixing their products. 

In 2013, the Obama administration quietly created a new process that all government departments must follow to decide whether it was reasonable to keep a zero-day vulnerability secret. In 2014 the National Security Council cybersecurity coordinator Michael Daniel told Wired that the process led to the NSA sharing the majority of flaws that it identifies. But the Shadow Brokers leak suggests that the NSA was breaking the rules, according to Columbia University researcher Jason Healey.

Even with evidence suggesting this freely published software is genuine, it remains unclear exactly what tools lurk in the software the Shadow Brokers have put up for sale. The highest bidder will get to find out.

(Read more: Ars Technica, Wall Street Journal, Wired, “Hackers Claim to Be Selling Secret U.S. Spy Software,” "Welcome to the Malware Industrial Complex")

The latest Insider Conversation is live! Listen to the story behind the story.

Subscribe today
Already a Premium subscriber? Log in.
NSA director Michael Rogers.

Uh oh–you've read all of your free articles for this month.

Insider Premium
$179.95/yr US PRICE

More from Connectivity

What it means to be constantly connected with each other and vast sources of information.

Want more award-winning journalism? Subscribe to Insider Plus.
  • Insider Plus {! insider.prices.plus !}*

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Bimonthly print magazine (6 issues per year)

    Bimonthly digital/PDF edition

    Access to the magazine PDF archive—thousands of articles going back to 1899 at your fingertips

    Special interest publications

    Discount to MIT Technology Review events

    Special discounts to select partner offerings

    Ad-free web experience

/
You've read all of your free articles this month. This is your last free article this month. You've read of free articles this month. or  for unlimited online access.